Share your VPN Experience
Cisco has changed the Security exams by replacing the old CCSP with the new CCNP Security Certification, which has 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have asked us to put up materials for these new exams, but that is time-consuming work. In the meantime, we created the “Share your experience” page for the VPN exam. We really hope that anyone who reads securitytut, 9tut, digitaltut, certprepare, networktut and voicetut will contribute to these sections, as your experience is invaluable in helping CCNP Security learners reach their goals.
Please share with us your experience after taking the VPN 642-647 exam, your materials, the way you learned, your recommendations…
Hi all
help plz in this question
——
Dynamic access policies can support several posture assessment methods to collect endpoint security attributes. From which operating system does an endpoint collect information?
A. CISCO NAC
B. Advanced Endpoint Assessment
C. Host Scan
D. CISCO Secure Desktop
@Angelo
D.CISCO Secure Desktop
Passed today with 964!,
Labs -> SIM & check config to answer
D&D -> portals
Good luck to all
The ISAKMP MM1 main mode message is sent from the spoke to the hub using the default IKE port.
The hub processes received MM1 and replies with an appropriate ISAKMP policy MM2 message.
The spoke receives an MM2 message, sends an MM3.
The hub receives MM3 and replies by sending MM4.
The spoke replies on port UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected.
The hub replies by sending MM6, which completes the main mode exchange.
The spoke validates the received ISAKMP policy.
The NHRP Registration Request is encapsulated in GRE..
I think this is what should be the correct order:
1. The NHRP Registration Request is encapsulated in GRE
2. ISAKMP MM1 sent from spoke to hub
3. Hub receives MM1 replies with MM2
4. Spoke received MM2 replies with MM3
5. Spoke validates received ISAKMP policy
6. Hub received MM3 replies with MM4
7. Spoke replies on UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected
8. Hub replies with MM6, which completes main mode exchange….
@ Danny
it's wrong
the correct order is :
1. The NHRP Registration Request is encapsulated in GRE
2. ISAKMP MM1 sent from spoke to hub
3. Hub receives MM1 replies with MM2
4. Spoke received MM2 replies with MM3
5. Hub received MM3 replies with MM4
6. Spoke replies on UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected
7. Hub replies with MM6, which completes main mode exchange…
8. Spoke validates received ISAKMP policy
Hi,
Thanks for sharing, Anonymous. Could you confirm whether the question below appears in the exam this way, or should we follow Wild_wolf's way? If both are fine, which one is the best?
Note: Friday is my exam, so I am still confused about the D&D
@ Danny
it's wrong
the correct order is :
1. The NHRP Registration Request is encapsulated in GRE
2. ISAKMP MM1 sent from spoke to hub
3. Hub receives MM1 replies with MM2
4. Spoke received MM2 replies with MM3
5. Hub received MM3 replies with MM4
6. Spoke replies on UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected
7. Hub replies with MM6, which completes main mode exchange…
8. Spoke validates received ISAKMP policy
@Anonymous:
1. When the Tunnel on the Spoke is “no shutdown” it generates a NHRP Registration Request, which starts the DMVPN process. As the Hub’s configuration is completely dynamic, the Spoke must be the endpoint which initiates the connection.
2. The NHRP Registration Request is then encapsulated in GRE which triggers the crypto process to start.
3. At this point, the first ISAKMP Main Mode message – ISAKMP MM1 – is sent from the Spoke to the Hub on port UDP500.
4. The Hub receives and processes MM1 and responds with ISAKMP MM2, as it has a matching ISAKMP policy.
5. Once the Spoke receives the MM2, it responds with MM3. As with MM1, the Spoke confirms the received ISAKMP policy is valid.
6. The Hub receives MM3 and responds with MM4.
7. At this point in the ISAKMP negotiation, the Spoke might respond on port UDP4500 if NAT is detected in the transit path. However, if no NAT is detected the Spoke continues and sends MM5 on UDP500. Lastly, the Hub responds with MM6 in order to complete the Main Mode exchange.
8. Once the Spoke receives MM6 from the Hub, it sends QM1 to the Hub on UDP500 in order to begin Quick Mode.
Check out step 5 it says there clearly as with MM1 spoke confirms received ISAKMP policy is valid…
Can you please explain why have you kept validated ISAKMP policy after MM is complete?
Hello,
I passed today here are few tips. below link is Exam details
2. Supermario still enough to make you pass with 7 new questions here.
4. DMVPN eight steps if you go through Wild_Wolf steps then you should be alright..
1. The NHRP Registration Request is encapsulated in GRE
2. ISAKMP MM1 sent from spoke to hub
3. Hub receives MM1 replies with MM2
4. Spoke received MM2 replies with MM3
5. Hub received MM3 replies with MM4
6. Spoke replies on UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected
7. Hub replies with MM6, which completes main mode exchange…
8. Spoke validates received ISAKMP policy
http: // prntscr . com/r2gaqi
Ali it means this is correct 8 steps or it is relate with which 8 steps from 11 steps come ?
Passed today
DD DVPN Steps and packets types
Lab was bookmarks
Sim asa
Mario and passleader still good
Just look at the last for pages on here
@ Howaythelsd
Congratulation
please is DD DMVPN eight steps like ALI said?
@sourid
I used the one from here, they are on this page
passed today 9xx
super mario dump + 7 new Q (Plz read very good, I had 6 of it)
DMVPN D&D
VPN states D&D
Bookmarks Lab
ASA Sim
——
focus on GET VPN , because I had 3 Q (included in Supermario)
——
i had a bug in ASA sim
in the transform set !
the one is used is not in the choices !!!
——
Bookmarks Lab worked very well with me
just don’t forget to logout from the guest PC at the beginning when you test
——
the DMVPN D&D it’s the same to @Ali comment
but I didn’t arrange like him :)
——
Finally, I would like to thank this great forum!
See you :)
Hi Angelo,
Congrats !
How did you arrange the DMVPN D&D ?
Hi!
Congratulations!
Took the 300-209 exam on 13/Feb/2020 and passed it with 920 points!
Got totally 57 questions, ALL QUESTIONS ARE IN PassLeader 300-209 dumps (459q).
Bookmarks Lab (got no shortcuts issue in it…sadly to say) and DMVPN (is random it can start from NHRP request than go from phase MM3).
All in all, thanks PassLeader 300-209 dumps (459q), it helped a lot for my passing!
Good luck!
NEW QUESTION 490
Which action do you take on a Cisco router to limit the management traffic to only one interface?
A. Filter incoming connections by applying an extended ACL on a loopback interface.
B. Filter incomingsdawdgement Plan Protection feature.
D. Add an interface by using the management-interface command.
Answer: C
Some of you might remember me, I’m looking for the 210-260 IINS for a friend, drop me a email if you have the latest dump. Thanks.
medave775 *at* gmail.com
Hi All,
I would like to know if there is a document that I can refer to for “Bookmarks LAB”. I’m confident that I can clear the exam on Thursday. Good luck everyone.
@Azhar, let me know your email and I will send it to you.
Does anyone know where the option to check the anti-replay size is?
Thanks in advance.
@Dani,
white_boy*@*hotmail.fr
Could you send me please ?
Many thanks in advance.
Thank you @dani
Please send to
Azhar*.*mohideen8 *@*gmail.com
Remove all *
enable
configure terminal
crypto map map-name seq-num [ipsec-isakmp]
 ! set the anti-replay window size for this crypto map entry
 set security-association replay window-size [N]
 ! or disable anti-replay checking for this entry
 set security-association replay disable
You can check whether anti-replay is enabled with the command below. Look for “replay detection support: Y”.
show crypto ipsec sa
SSL VPN – LAB
=========
htt: *//w*ww.examtopics.com/*discussions/cisco/*view/8510-exam-300-209-topic-1-question-133-discussion/
NHRP D&D
=======
NHRP D&D – Correct order
1. The NHRP Registration Request is encapsulated in GRE
2. ISAKMP MM1 sent from spoke to hub
3. Hub receives MM1 replies with MM2
4. Spoke received MM2 replies with MM3
5. Spoke validates received ISAKMP policy
6. Hub received MM3 replies with MM4
7. Spoke replies on UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected
8. Hub replies with MM6, which completes main mode exchange….
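What the `set security-association replay window-size` setting in the post above changes, as an added example that is not part of the original post and not Cisco's implementation: a sliding-window anti-replay check in the style of RFC 4303. The class and function names, the constructed arrival sequence and the two sample window sizes are assumptions made for the illustration.

```python
# Added illustration (not Cisco's implementation): an RFC 4303-style
# sliding-window anti-replay check, to show what window-size N changes.

class ReplayWindow:
    def __init__(self, size):
        self.size = size      # plays the role of "window-size N"
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (top - i) was seen

    def check(self, seq):
        """Classify one authenticated packet and update the window."""
        if seq < 1:
            return "invalid"              # ESP sequence numbers start at 1
        if seq > self.top:                # new highest: slide the window
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"              # fell off the left edge: dropped
        if self.bitmap & (1 << offset):
            return "replay"               # already seen: dropped
        self.bitmap |= 1 << offset        # late but new: accepted
        return "accept"


def run(arrivals, size):
    """Feed an arrival sequence through a window; return verdict counts."""
    window = ReplayWindow(size)
    counts = {}
    for seq in arrivals:
        verdict = window.check(seq)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed arrival order: packet 5 is delayed behind 100 later packets
# (as can happen with QoS reordering), then packet 50 arrives a second time.
ARRIVALS = [1, 2, 3, 4] + list(range(6, 106)) + [5, 50, 106]

if __name__ == "__main__":
    for n in (64, 1024):  # sample window sizes chosen for the demo
        print(n, run(ARRIVALS, n))
```

With the smaller window the delayed but legitimate packet is dropped as too old, while the duplicate is rejected under both sizes.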
Thank you @Azhar
The problem is that there is a question in which you have to check the anti-replay option in ASDM instead of the CLI. Do you know where I can find it?
Thanks once again.
@Dani_Prime
Sorry, I could not find an answer to your question.
Thanks to everyone .. I have just cleared 300-209 with supermario dumps. I might be the last person to write this exam..
Let’s keep this forum active with new cisco exams..
Stay blessed.. once again thanks everyone ..
Cheers
I have my exam tomorrow and I would like to know if you got the following scenario in your exam:
If the question is:
What is the name of the transform set being used on the ISR?
then the correct answer is D (TSET)
but if the question is;
Which transform set is being used on the branch ISR?
then the correct answer is B (ESP-3DES ESP-SHA-HMAC)
Router1#sh crypto ipsec transform-set
Transform set TSET: { esp-3des esp-sha-hmac }
will negotiate = { Tunnel, },
Many thanks.
@Dani_Prime – answer is ESP-3DES ESP-SHA-HMAC
passed yesterday 9xx!
supermario still valid
DMVPN D&D
VPN states D&D
Bookmarks Lab
ASA Sim
thanks to all
No more MCQ for CCIE level exams. CCNP Core exam will act as a prerequisite for writing CCIE Lab and to get CCNP cert.
My next target is to get CCNP Core 350-701 and prepare for CCIE Lab in a couple of years.
350-701 SCOR Exam: Implementing and Operating Cisco Security Core Technologies.
Let us keep this forum updated.
Cheers!
Hello, I am a new user and I would like to ask: how do I disable a PM?